Waclaw Chrabaszcz
... there is no spoon ...

PowerShell & ActiveDirectory - BYOTD - Build your own test domain

Saturday, August 1, 2015 8:11 AM

Sometimes you'd like to test your scripts/polices/solution before the implementation against thousands of users. And as usuall, your personal LAB is too poor, on the other side your Admin considers OU creation in crime categories. I love these stories … "I won't create this GPO until you show me that it works. " I would say a typical IT paradox.

Psssst… the beer is open.

Let's create some better OU structure on my LAB domain. Cheers!

If you wondering how to build a domain and DC, I'd recommend you one of my previous posts: this or this. Once you've got an empty domain time to add some user and computer accounts. As usual uncle PowerShell is happy to help you.

$myDomain = " DC=testdomain,DC=net"
$myOU = "TEST"
$myPath = "OU="+$myOU+","+$myDomain

New-ADOrganizationalUnit -name $myOU -path "$myDomain" -ProtectedFromAccidentalDeletion $false
$testOU = Get-ADOrganizationalUnit -Identity "$myPath"

New-ADOrganizationalUnit -Name Server -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Desktop -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Laptop -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name User -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Group -Path $testOU -ProtectedFromAccidentalDeletion $false

$ServerOU = Get-ADOrganizationalUnit -Identity "OU=Server,$myPath"
$desktopOU = Get-ADOrganizationalUnit -Identity "OU=Desktop,$myPatht"
$laptopOU = Get-ADOrganizationalUnit -Identity "OU=Laptop,$myPatht"
$userOU = Get-ADOrganizationalUnit -Identity "OU=User,$myPath"
$groupOU = Get-ADOrganizationalUnit -Identity "OU=Group,$myPath"

New-ADGroup -Name Marketing -GroupScope Global -Path $groupOU
New-ADGroup -Name HR -GroupScope Global -Path $groupOU
New-ADGroup -Name Sales -GroupScope Global -Path $groupOU
New-ADGroup -Name IT -GroupScope Global -Path $groupOU

$MarketingGroup = Get-ADGroup -Identity "CN=Marketing,OU=Group,$myPath"
$hrGroup = Get-ADGroup -Identity "CN=HR,OU=Group,$myPath"
$SalesGroup = Get-ADGroup -Identity "CN=Sales,OU=Group,$myPath"
$ITGroup = Get-ADGroup -Identity "CN=IT,OU=Group,$myPath"

New-ADGroup -Name EMEA -GroupScope DomainLocal -Path $groupOU
New-ADGroup -Name AMER -GroupScope DomainLocal -Path $groupOU
New-ADGroup -Name APAC -GroupScope DomainLocal -Path $groupOU

$emeaGroup = Get-ADGroup -Identity "CN=EMEA,OU=Group,$myPath"
$amerGroup = Get-ADGroup -Identity "CN=AMER,OU=Group,$myPath"
$apacGroup = Get-ADGroup -Identity "CN=APAC,OU=Group,$myPath"

1..100 | %{ New-ADUser -Name TestUser$_ -Path $userOU}
1..100 | %{ New-ADComputer -Name Desktop$_ -Path $desktopOU}
1..100 | %{ New-ADComputer -Name Laptop$_ -Path $laptopOU}
1..50 | %{ New-ADComputer -Name Server$_ -Path $ServerOU}

1..100 | % {
$luckyShot = Get-Random(5)
if ($luckyShot -eq 1) {Add-ADGroupMember $MarketingGroup -Members TestUser$_ }
if ($luckyShot -eq 2) {Add-ADGroupMember $hrGroup -Members TestUser$_ }
if ($luckyShot -eq 3) {Add-ADGroupMember $SalesGroup -Members TestUser$_ }
if ($luckyShot -eq 4) {Add-ADGroupMember $ITGroup -Members TestUser$_ }

if ($luckyShot -lt 1) {Add-ADGroupMember $emeaGroup -Members TestUser$_ }
elseif ($luckyShot -gt 3) {Add-ADGroupMember $amerGroup -Members TestUser$_ }
else {Add-ADGroupMember $apacGroup -Members TestUser$_ }
}

the script is pretty simple; it creates a simple OU structure plus 100 child objects. To emulate real live scenarios, I randomly assigned users to groups. Would it be nice to create some GPO objects? Sorry man, my beer is empty …




Feedback

# shareit for pc

download shareit for pc 6/27/2017 6:45 PM | shareit

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

Thanks for sharing. I hope it will be helpful for too many people that are searching for this topic. five nights at freddy’s 7/12/2017 8:48 AM | Christina

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

here you can get SHAREit for pc 8/10/2017 1:58 PM | shareit download

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

amazing one line download 9/29/2017 4:36 PM | lineforpc

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

very good article multiappsforpc.com 12/4/2017 5:18 PM | Ram

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

Powershell isnt in use anymore but at Nottingham Driveways Pro we had to use the above string to help us sort out some issues with our old machines. Safe to say it did work, so thanks for your help! 2/27/2018 4:57 PM | Jimmy

# re: PowerShell & ActiveDirectory - BYOTD - Build your own test domain

Thanks for sharing this, it's help me a lot.
Packers and Movers in Ernakulam
Packers and Movers in Kochi
3/8/2018 9:55 AM | kanika

Post a comment